Allow unauthenticated binds

modules/integrations/activedirectory/collect/cli.go

@@ -39,7 +39,7 @@ var (
 	port   = Command.Flags().Int("port", 636, "LDAP port to connect to (389 or 636 typical)")
 	domain = Command.Flags().String("domain", "", "domain suffix to analyze (contoso.local, auto-detected if not supplied)")
 	user   = Command.Flags().String("username", "", "username to connect with (someuser@contoso.local)")
-	pass   = Command.Flags().String("password", "", "password to connect with ex. --password hunter42")
+	pass   = Command.Flags().String("password", "", "password to connect with ex. --password hunter42 (use ! for blank password)")
 
 	tlsmodeString = Command.Flags().String("tlsmode", "TLS", "Transport mode (TLS, StartTLS, NoTLS)")
 
@@ -185,6 +185,11 @@ func PreRun(cmd *cobra.Command, args []string) error {
 				*pass = string(passwd)
 			}
 		}
+
+		if *pass == "!" {
+			// A single ! indicates we want to use a blank password, so lets change it to that
+			*pass = ""
+		}
 	}
 
 	if authmode == 3 {

modules/integrations/activedirectory/collect/ldap.go

@@ -86,8 +86,13 @@ func (ad *AD) Connect(authmode byte) error {
 		log.Debug().Msgf("Doing unauthenticated bind with user %s", ad.User)
 		err = ad.conn.UnauthenticatedBind(ad.User)
 	case 1:
-		log.Debug().Msgf("Doing simple bind with user %s", ad.User)
-		err = ad.conn.Bind(ad.User, ad.Password)
+		if ad.Password == "" {
+			log.Debug().Msgf("Doing simple unauthenticated bind with user %s", ad.User)
+			err = ad.conn.UnauthenticatedBind(ad.User)
+		} else {
+			log.Debug().Msgf("Doing simple bind with user %s", ad.User)
+			err = ad.conn.Bind(ad.User, ad.Password)
+		}
 	case 2:
 		log.Debug().Msgf("Doing MD5 auth with user %s from domain %s", ad.User, ad.AuthDomain)
 		err = ad.conn.MD5Bind(ad.AuthDomain, ad.User, ad.Password)